论文信息 - A fine-grained permission control mechanism for external storage of Android

A fine-grained permission control mechanism for external storage of Android

Android lacks fine-grained permission control for the external storage. Under the current coarse-grained mechanism, any application is able to access all the data on the external storage very easily. At the same time, many applications store sensitive data into the external storage, and some of these data are highly concerned with user privacy, which could bring severe security problems. In this paper, we propose a fine-grained permission control mechanism for external storage of Android. The mechanism is based on Filesystem in Userspace (FUSE) and offers the following features: protecting user private media files such as photos and videos; isolating the data of each application; providing access control settings for user. We implement this mechanism on the latest Android version, by introducing a new type of GID (ESDS-GID), extending the functionality of the emulated filesystem as well as the system services. The results of functional verification and performance benchmark show that with a reasonable performance overhead, this mechanism brings considerable enhancement for Android system security.

Ming Yang | Junzhou Luo | Wenjia Wu | Feiqiao Huang

[1] Xiangyu Liu,et al. An Empirical Study on Android for Saving Non-shared Data on Public Storage , 2014, SEC.

[2] Byung-Gon Chun,et al. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[3] Angelos Stavrou,et al. Implementing and Optimizing an Encryption Filesystem on Android , 2012, 2012 IEEE 13th International Conference on Mobile Data Management.

[4] Yuval Elovici,et al. Google Android: A Comprehensive Security Assessment , 2010, IEEE Security & Privacy.

[5] Xinwen Zhang,et al. Apex: extending Android permission model and enforcement with user-defined runtime constraints , 2010, ASIACCS '10.

[6] Patrick D. McDaniel,et al. Understanding Android Security , 2009, IEEE Security & Privacy Magazine.

[7] Alastair R. Beresford,et al. MockDroid: trading privacy for application functionality on smartphones , 2011, HotMobile '11.

[8] Kim-Kwang Raymond Choo,et al. Enforcing File System Permissions on Android External Storage: Android File System Permissions (AFP) Prototype and ownCloud , 2014, 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications.